Security firm Lookout dissects the Geinimi trojan

A week or so ago we warned everyone about the Geinimi trojan that has been spotted in the wild on Chinese Android sites. As far as we know the threat level hasn't changed: if you aren't poking around Chinese Android fan sites and downloading questionable programs, there's no need to ring the alarm and circle the wagons just yet. Lookout has torn the trojan down and gives a good overview of what it does and how it does it. This isn't a primer on writing trojans; publishing this kind of analysis is standard practice among security firms, because showing how an attack works is how the industry finds ways to prevent the next one. First, here's exactly what this trojan can do:

Read and collect SMS messages

Send and delete selected SMS messages

Pull all contact information and send it to a remote server (number, name, the time they were last contacted)

Place a phone call

Silently download files

Launch a web browser with a specific URL

Yikes. Remember, so far this is a fairly isolated incident, and it isn't in any app you can get from the Android Market. In fact, so far it looks confined to "warez" files, which mirrors what you find when downloading questionable files for your computer. Our advice: stick to applications from someone you trust, and if you need to download random applications (we have to do it here all the time to check them out), find a way to scan them for malicious code before you install them.
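One cheap first check, offered here as an added example and not part of Lookout's analysis or this article, is to look at what an app asks for before you install it. On Android 2.x permissions are granted at install time, so the AndroidManifest.xml inside the APK is the complete grant. The script below maps each capability in the list above to the Android permission(s) an app must declare to perform it, parses a manifest, and reports which of those capabilities the declared permissions would allow. The manifest and the package name `com.example.wallpaper` are constructed for illustration; the permission names are the real Android ones. In practice you would feed it the manifest extracted from the APK (for example with `aapt dump xmltree` or any APK decoder) rather than the embedded sample.

```python
# Added example: manifest permission triage against the capabilities listed
# for Geinimi. Not Lookout's code; the sample manifest below is constructed.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Capability (as described in the article) -> permissions that gate it.
# Every permission in the tuple must be declared for the capability.
CAPABILITY_PERMISSIONS = {
    "read SMS messages": ("android.permission.READ_SMS",),
    "send SMS messages": ("android.permission.SEND_SMS",),
    "delete SMS messages": ("android.permission.WRITE_SMS",),
    "exfiltrate contacts to a remote server": (
        "android.permission.READ_CONTACTS",
        "android.permission.INTERNET",
    ),
    "place a phone call": ("android.permission.CALL_PHONE",),
    "download files": ("android.permission.INTERNET",),
}

# Launching the browser on a URL needs no permission at all (any app can
# fire an ACTION_VIEW intent), so manifest triage can never flag it.
NO_PERMISSION_NEEDED = ("launch a web browser with a specific URL",)

# Constructed sample: a "wallpaper" app that declares far more than it needs.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpaper">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <application android:label="Pretty Wallpapers"/>
</manifest>
"""


def declared_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    name_attr = "{%s}name" % ANDROID_NS  # android:name, namespace-qualified
    return {
        el.get(name_attr)
        for el in root.iter("uses-permission")
        if el.get(name_attr)
    }


def enabled_capabilities(manifest_xml):
    """Capabilities from the list that the declared permissions would allow."""
    perms = declared_permissions(manifest_xml)
    return sorted(
        cap for cap, needed in CAPABILITY_PERMISSIONS.items()
        if all(p in perms for p in needed)
    )


def triage(manifest_xml):
    """Summarise what the manifest lets the app do with the user's data."""
    perms = declared_permissions(manifest_xml)
    # A data-reading permission plus INTERNET is what turns "can read your
    # contacts/SMS" into "can send them somewhere" -- the Geinimi pattern.
    readers = {"android.permission.READ_CONTACTS", "android.permission.READ_SMS"}
    exfil_path = "android.permission.INTERNET" in perms and bool(perms & readers)
    return {
        "permissions": sorted(perms),
        "capabilities": enabled_capabilities(manifest_xml),
        "exfiltration_path": exfil_path,
        "not_visible_in_manifest": list(NO_PERMISSION_NEEDED),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_MANIFEST)
    for cap in report["capabilities"]:
        print("manifest allows:", cap)
    if report["exfiltration_path"]:
        print("WARNING: reads personal data AND has network access")
    for cap in report["not_visible_in_manifest"]:
        print("cannot be judged from the manifest:", cap)
```

This is a necessary-but-not-sufficient check: a real SMS client legitimately needs READ_SMS, SEND_SMS and WRITE_SMS, so the output tells you what an app could do, not what it does. The useful signal is mismatch between the app's stated purpose and its grants (a wallpaper app with CALL_PHONE and READ_SMS), and in particular the data-plus-INTERNET combination the script flags. Anything beyond that needs the kind of code analysis Lookout did.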

Lookout breaks down the code itself; if you're a developer, or just curious, have a look. It's fairly sophisticated, and it's a shame the developer(s) didn't put their effort into something more productive. Check the source link for all the details, including a PDF with a complete code breakdown. [Lookout] Thanks Cerena!

I wouldn't be surprised if they freakin' created it themselves.
I trust these mobile antivirus makers about as much as these trojan carrying apps.
Funny how these are the same guys that conveniently found a virus at Black Hat right as they released their own "service" on the market.

Portions of this page are modifications based on work created and shared by the Android Open Source Project
and used according to terms described in the Creative Commons 2.5 Attribution License. AndroidCentral is an independent site
that is not affiliated with or endorsed by Google.